home

download_i_am_alive.exe

MiniDownloader

Ztorm AB

This is a setup program which is used to install the application. The file has been seen being downloaded from secure.nuuvem.com.
Publisher:
Ztorm AB  (signed and verified)

Product:
MiniDownloader

Version:
1.0.0.0

MD5:
25c35b6c69df154f49d9c4f35bdb3158

SHA-1:
bf7471dab6e37c3dbce3730fc1822156b4dd6f0d

SHA-256:
7c46ea41c598e6ebc591cb9c839b17640574e53e756a63002476633cd0a5470a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/6/2024 5:21:30 AM UTC  (today)

File size:
458.2 KB (469,150 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
MD.UI.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\download_i_am_alive.exe

Digital Signature
Signed by:
Ztorm AB

Authority:
thawte, Inc.

Valid from:
11/4/2014 10:00:00 PM

Valid to:
11/14/2016 9:59:59 PM

Subject:
CN=Ztorm AB, OU=SECURE APPLICATION DEVELOPMENT, O=Ztorm AB, L=Stockholm, S=Stockholm, C=SE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
694CC53839BD76C03EC4841C2BD5704A

File PE Metadata
Compilation timestamp:
3/24/2014 10:02:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:cP9Ml3JaojLSF79toxqLCLkbr19S/MGVX:cPgRn5qLCLkbZuX

Entry address:
0x6AD12

Entry point:
FF, 25, 20, AD, 46, 00, 00, 00, 00, 00, 00, 00, 00, 00, F4, AC, 06, 00, 00, 00, 00, 00, 00, 00, 00, 00, F3, 2C, 30, 53, 00, 00, 00, 00, 02, 00, 00, 00, 86, 00, 00, 00, 44, AD, 06, 00, 44, 8F, 06, 00, 52, 53, 44, 53, 66, 67, 55, 9A, DA, 78, 1E, 4E, 8F, C4, A8, 29, 12, 95, 86, D4, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 4D, 61, 72, 74, 69, 6E, 20, 48, 6A, 65, 72, 6E, 65, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 4A, 6F, 62, 62, 65, 74, 5C, 5A, 74, 6F, 72, 6D, 20, 57, 6F, 72, 6B, 69, 6E, 67, 20, 44, 69...
 
[+]

Code size:
419.5 KB (429,568 bytes)

The file download_i_am_alive.exe has been seen being distributed by the following URL.

https://secure.nuuvem.com/account/.../download?file_id=5596ac4f69702d401900066e&item_id=5596ac0a69702d79fc001c31

Scan download_i_am_alive.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.